CVE-2024-13231
📋 TL;DR
The WordPress Portfolio Builder plugin has an authorization bypass vulnerability that allows unauthenticated attackers to add arbitrary videos to any portfolio gallery. This affects all WordPress sites using the plugin version 1.1.7 or earlier. The vulnerability stems from missing capability checks in the 'add_video' function.
💻 Affected Systems
- WordPress Portfolio Builder – Portfolio Gallery plugin
📦 What is this software?
Portfoliohub by Portfoliohub
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious or inappropriate video content into portfolio galleries, potentially compromising site integrity, damaging reputation, or serving malicious content to visitors.
Likely Case
Unauthorized video additions to galleries, potentially including spam, inappropriate content, or links to malicious sites.
If Mitigated
Limited impact if proper access controls and content moderation are in place, though unauthorized content modifications would still occur.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it requires no authentication and involves simple HTTP requests to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.8 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/uber-grid/tags/1.1.8
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Portfolio Builder – Portfolio Gallery'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.1.8 or later from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Portfolio Builder plugin until patched
wp plugin deactivate uber-grid
Restrict access to admin-ajax.php
Limit access to the vulnerable endpoint via web application firewall or .htaccess rules. Note that the rule below denies admin-ajax.php to every client, including logged-in users, so any plugin or theme feature that relies on it will stop working until the rule is removed.
# Add to .htaccess:
<Files "admin-ajax.php">
    Require all denied
</Files>
🧯 If You Can't Patch
- Implement web application firewall rules to block unauthorized requests to admin-ajax.php endpoint
- Enable strict access controls and monitor for unauthorized gallery modifications
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Portfolio Builder – Portfolio Gallery' version 1.1.7 or earlier
Check Version:
wp plugin list --name=uber-grid --field=version
Verify Fix Applied:
Verify plugin version is 1.1.8 or later in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=add_video
- Multiple failed authentication attempts followed by successful gallery modifications
Network Indicators:
- HTTP POST requests to admin-ajax.php with add_video action from unauthenticated sources
SIEM Query:
source="web_access.log" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="add_video" AND NOT user_agent="WordPress/*"
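The log indicators above, applied to access-log lines, as an added example that is not part of the original advisory. It assumes the Apache/nginx "combined" log format and that the action parameter appears in the query string (an access log does not record POST bodies, so requests that carry action=add_video only in the body need a WAF or application-level log); the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Matches the Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+)'
    r' [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def is_add_video_hit(line: str):
    """Return the parsed fields if the line is a POST to admin-ajax.php
    carrying action=add_video in the query string, otherwise None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST":
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path != "/wp-admin/admin-ajax.php":
        return None
    if parse_qs(parts.query).get("action") != ["add_video"]:
        return None
    return m.groupdict()

def find_add_video_hits(lines):
    """Flagged entries plus a per-source-IP count for triage."""
    hits = [h for h in map(is_add_video_hit, lines) if h]
    return hits, Counter(h["ip"] for h in hits)

# Constructed sample lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php?action=add_video HTTP/1.1" 200 45 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2025:03:14:09 +0000] "POST /wp-admin/admin-ajax.php?action=add_video HTTP/1.1" 200 45 "-" "python-requests/2.31"
198.51.100.4 - - [10/Jan/2025:03:15:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "https://example.org/wp-admin/" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:03:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=add_video HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:03:16:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    hits, per_ip = find_add_video_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["ua"]}')
    print(dict(per_ip))  # {'203.0.113.7': 2}
```

Only the two POSTs from 203.0.113.7 are flagged; the heartbeat request and the GET are ignored, and the per-IP count shows where repeated unauthenticated calls cluster.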
🔗 References
- https://plugins.trac.wordpress.org/browser/uber-grid/tags/1.1.7/src/Admin.php#L14
- https://plugins.trac.wordpress.org/browser/uber-grid/tags/1.1.7/src/Admin.php#L149
- https://plugins.trac.wordpress.org/browser/uber-grid/tags/1.1.7/src/Admin.php#L76
- https://plugins.trac.wordpress.org/browser/uber-grid/tags/1.1.7/src/Admin.php#L86
- https://www.wordfence.com/threat-intel/vulnerabilities/id/28d9ab98-c1ab-45ee-a371-6598a8347b10?source=cve